Daily NCSC-FI news followup 2020-12-04


www.epressi.com/tiedotteet/teknologia/kutsu-traficomin-kyberturvallisuuskeskuksen-mediawebinaariin-onko-kodin-alylaite-avoin-ovi-hakkerille.html Internet-connected smart devices can be a channel for information security attacks targeting homes. That is why product manufacturers and marketers must ensure the security level of their devices. How has the Cybersecurity Label (Tietoturvamerkki), launched a year ago by the Finnish Transport and Communications Agency Traficom, been received by companies? How does it help consumers find a secure smart device? Register for our media webinar by Tue 8 Dec at 12:00.

JAMK published an open online course that takes you into the middle of a cyberattack, part of a larger cyber exercise

www.jamk.fi/fi/Uutiset/jamk-julkaisi-avoimen-verkkokurssin-joka-vie-keskelle-kyberhyokkaysta–osa-suurempaa-kyberharjoitusta/ JAMK University of Applied Sciences (Jyväskylän ammattikorkeakoulu) has published a pilot of an open cybersecurity online course, available immediately to everyone. The course is open until 17 Dec at 15:00. The course is linked to a Europe-wide cybersecurity exercise that JAMK will organise in January 2021.

Cyber-warning for festive shoppers

www.bbc.com/news/technology-55171454 Online shoppers are being warned of the risks of cyber-fraud during the festive season. The National Cyber Security Centre (NCSC) – part of GCHQ – is launching a major campaign called Cyber Aware with its first ever TV ads.

Novel Online Shopping Malware Hides in Social-Media Buttons

threatpost.com/online-shopping-malware-social-media-buttons/161903/ The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images.


Leaking Browser URL/Protocol Handlers

www.fortinet.com/blog/threat-research/leaking-browser-url-protocol-handlers Generally speaking when talking about Protocol Handlers we are referring to a mechanism which allows applications to register their own URI scheme. This enables the execution of processes through the use of URI formatted strings. In this post we will discuss what are protocol handlers and disclose two information disclosure vulnerabilities affecting three major browsers (namely – Firefox, Edge and Chrome). Exploiting these vulnerabilities will enable a remote attacker to identify the presence of a vast amount of applications that may be installed on a targeted system.

Metro Vancouver’s transit system hit by Egregor ransomware

www.bleepingcomputer.com/news/security/metro-vancouvers-transit-system-hit-by-egregor-ransomware/ The Egregor ransomware operation has breached Metro Vancouver’s transportation agency TransLink with the cyberattack causing disruptions in services and payment systems.

Alert Regarding Vulnerability (CVE-2020-17527) in Apache Tomcat

www.jpcert.or.jp/english/at/2020/at200045.html On December 3, 2020 (Local Time), Apache Software Foundation has released information regarding a vulnerability (CVE-2020-17527) in Apache Tomcat. According to the information, Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. It is possible that this could lead to the leakage between requests, while this would most likely lead to an error and the closure of the HTTP/2 connection.

IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain

securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/ At the onset of the COVID-19 pandemic, IBM Security X-Force created a threat intelligence task force dedicated to tracking down COVID-19 cyber threats against organizations that are keeping the vaccine supply chain moving. As part of these efforts, our team recently uncovered a global phishing campaign targeting organizations associated with a COVID-19 cold chain. The cold chain is a component of the vaccine supply chain that ensures the safe preservation of vaccines in temperature-controlled environments during their storage and transportation.

Cybersecurity Trends 2021: Staying secure in uncertain times

www.welivesecurity.com/2020/12/03/cybersecurity-trends-2021-staying-secure-uncertain-times/ ESET experts look back at some of the key themes that defined the cybersecurity landscape in the year that’s ending and give their takes on what to expect in 2021.


BlackShadow hackers extort Israeli insurance company for $1 million

www.bleepingcomputer.com/news/security/blackshadow-hackers-extort-israeli-insurance-company-for-1-million/ On Monday, a cybercrime group calling themselves ‘BlackShadow’ tweeted that they hacked into the Israeli Shirbit insurance company and stole files during the attack.

How Organizations Can Prevent Users from Using Breached Passwords

thehackernews.com/2020/12/how-organizations-can-prevent-users.html No matter how extensive your security solutions are, protecting the various systems in your environment, your organization may likely be an easy target without proper password security. An especially vulnerable type of password is a breached password, a.k.a “pwned” password.


Finland is receiving strange +212 calls: we picked up the phone and called back

www.is.fi/digitoday/tietoturva/art-2000007660321.html Scam calls are constantly being made to Finland. A large share of them are tech support scams carried out in Microsoft's name, in which the caller claims that the victim's computer has malware and needs to be cleaned. The caller's aim is to get at the victim's money. Another type of scam is wangiri, or missed-call scams, which rely on an expensive call back.

The chronicles of Emotet

securelist.com/the-chronicles-of-emotet/99660/ More than six years have passed since the banking Trojan Emotet was first detected. During this time it has repeatedly mutated, changed direction, acquired partners, picked up modules, and generally been the cause of high-profile incidents and multimillion-dollar losses. The malware is still in fine fettle, and remains one of the most potent cybersecurity threats out there. The Trojan is distributed through spam, which it sends itself, and can spread over local networks and download other malware.

Tibet and Taiwan Targeted in Spearphishing Campaigns Using MESSAGEMANIFOLD Malware

www.recordedfuture.com/messagemanifold-malware-spearphishing-campaigns/ In October 2020, during an investigation of a spearphishing campaign targeting the Tibetan community, Recorded Future’s Insikt Group discovered links to an unknown threat activity group previously engaged in activity targeting Taiwanese legislators in May of 2020. Insikt Group identified multiple overlaps between the two campaigns, including the use of the same hosting provider, similar email themes, and the use of Google Drive links to download the same malware variant. In both campaigns, the group used an unreported malware variant which Insikt Group calls MESSAGEMANIFOLD.

How Cloudflare Became The Most Important Internet Company Nobody Has Heard Of

www.forbes.com/sites/johndunn/2020/12/04/how-cloudflare-became-the-most-important-internet-company-nobody-has-heard-of/ In a perfect world, big networks that hold up important parts of the Internet would never be brought down by single points of failure (SPOFs) but unfortunately there is no such thing as a perfect world.

Kmart nationwide retailer suffers a ransomware attack

www.bleepingcomputer.com/news/security/kmart-nationwide-retailer-suffers-a-ransomware-attack/ US department store Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned.

FBI: You may be a money mule and not even know it

www.bleepingcomputer.com/news/security/fbi-you-may-be-a-money-mule-and-not-even-know-it/ The FBI has warned of an increasing number of scammers preying on unemployed Americans by trying to recruit them into their money mule schemes and use them to launder funds obtained via fraud, online scams, and other types of criminal activities.
